Thu, 31 Aug 2017 15:18:52 +0800
merge
1 /*
2 * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
26 package com.sun.xml.internal.ws.util.xml;
28 import com.sun.istack.internal.Nullable;
29 import com.sun.org.apache.xml.internal.resolver.Catalog;
30 import com.sun.org.apache.xml.internal.resolver.CatalogManager;
31 import com.sun.org.apache.xml.internal.resolver.tools.CatalogResolver;
32 import com.sun.xml.internal.ws.server.ServerRtException;
33 import com.sun.xml.internal.ws.util.ByteArrayBuffer;
34 import org.w3c.dom.Attr;
35 import org.w3c.dom.Element;
36 import org.w3c.dom.EntityReference;
37 import org.w3c.dom.Node;
38 import org.w3c.dom.NodeList;
39 import org.w3c.dom.Text;
40 import org.xml.sax.*;
42 import javax.xml.XMLConstants;
43 import javax.xml.namespace.QName;
44 import javax.xml.parsers.DocumentBuilderFactory;
45 import javax.xml.parsers.ParserConfigurationException;
46 import javax.xml.parsers.SAXParserFactory;
47 import javax.xml.stream.XMLInputFactory;
48 import javax.xml.transform.Result;
49 import javax.xml.transform.Source;
50 import javax.xml.transform.Transformer;
51 import javax.xml.transform.TransformerConfigurationException;
52 import javax.xml.transform.TransformerException;
53 import javax.xml.transform.TransformerFactory;
54 import javax.xml.transform.sax.SAXTransformerFactory;
55 import javax.xml.transform.sax.TransformerHandler;
56 import javax.xml.transform.stream.StreamSource;
57 import javax.xml.validation.SchemaFactory;
58 import javax.xml.ws.WebServiceException;
59 import javax.xml.xpath.XPathFactory;
60 import javax.xml.xpath.XPathFactoryConfigurationException;
61 import java.io.IOException;
62 import java.io.InputStream;
63 import java.io.OutputStreamWriter;
64 import java.io.Writer;
65 import java.net.URL;
66 import java.util.ArrayList;
67 import java.util.Enumeration;
68 import java.util.Iterator;
69 import java.util.List;
70 import java.util.StringTokenizer;
71 import java.util.logging.Level;
72 import java.util.logging.Logger;
74 /**
75 * @author WS Development Team
76 */
77 public class XmlUtil {
79 // not in older JDK, so must be duplicated here, otherwise javax.xml.XMLConstants should be used
80 private static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema";
82 private final static String LEXICAL_HANDLER_PROPERTY =
83 "http://xml.org/sax/properties/lexical-handler";
85 private static final Logger LOGGER = Logger.getLogger(XmlUtil.class.getName());
87 private static boolean XML_SECURITY_DISABLED;
89 static {
90 String disableXmlSecurity = System.getProperty("com.sun.xml.internal.ws.disableXmlSecurity");
91 XML_SECURITY_DISABLED = disableXmlSecurity == null || !Boolean.valueOf(disableXmlSecurity);
92 }
94 public static String getPrefix(String s) {
95 int i = s.indexOf(':');
96 if (i == -1)
97 return null;
98 return s.substring(0, i);
99 }
101 public static String getLocalPart(String s) {
102 int i = s.indexOf(':');
103 if (i == -1)
104 return s;
105 return s.substring(i + 1);
106 }
110 public static String getAttributeOrNull(Element e, String name) {
111 Attr a = e.getAttributeNode(name);
112 if (a == null)
113 return null;
114 return a.getValue();
115 }
117 public static String getAttributeNSOrNull(
118 Element e,
119 String name,
120 String nsURI) {
121 Attr a = e.getAttributeNodeNS(nsURI, name);
122 if (a == null)
123 return null;
124 return a.getValue();
125 }
127 public static String getAttributeNSOrNull(
128 Element e,
129 QName name) {
130 Attr a = e.getAttributeNodeNS(name.getNamespaceURI(), name.getLocalPart());
131 if (a == null)
132 return null;
133 return a.getValue();
134 }
136 /* public static boolean matchesTagNS(Element e, String tag, String nsURI) {
137 try {
138 return e.getLocalName().equals(tag)
139 && e.getNamespaceURI().equals(nsURI);
140 } catch (NullPointerException npe) {
142 // localname not null since parsing would fail before here
143 throw new WSDLParseException(
144 "null.namespace.found",
145 e.getLocalName());
146 }
147 }
149 public static boolean matchesTagNS(
150 Element e,
151 javax.xml.namespace.QName name) {
152 try {
153 return e.getLocalName().equals(name.getLocalPart())
154 && e.getNamespaceURI().equals(name.getNamespaceURI());
155 } catch (NullPointerException npe) {
157 // localname not null since parsing would fail before here
158 throw new WSDLParseException(
159 "null.namespace.found",
160 e.getLocalName());
161 }
162 }*/
164 public static Iterator getAllChildren(Element element) {
165 return new NodeListIterator(element.getChildNodes());
166 }
168 public static Iterator getAllAttributes(Element element) {
169 return new NamedNodeMapIterator(element.getAttributes());
170 }
172 public static List<String> parseTokenList(String tokenList) {
173 List<String> result = new ArrayList<String>();
174 StringTokenizer tokenizer = new StringTokenizer(tokenList, " ");
175 while (tokenizer.hasMoreTokens()) {
176 result.add(tokenizer.nextToken());
177 }
178 return result;
179 }
181 public static String getTextForNode(Node node) {
182 StringBuilder sb = new StringBuilder();
184 NodeList children = node.getChildNodes();
185 if (children.getLength() == 0)
186 return null;
188 for (int i = 0; i < children.getLength(); ++i) {
189 Node n = children.item(i);
191 if (n instanceof Text)
192 sb.append(n.getNodeValue());
193 else if (n instanceof EntityReference) {
194 String s = getTextForNode(n);
195 if (s == null)
196 return null;
197 else
198 sb.append(s);
199 } else
200 return null;
201 }
203 return sb.toString();
204 }
206 public static InputStream getUTF8Stream(String s) {
207 try {
208 ByteArrayBuffer bab = new ByteArrayBuffer();
209 Writer w = new OutputStreamWriter(bab, "utf-8");
210 w.write(s);
211 w.close();
212 return bab.newInputStream();
213 } catch (IOException e) {
214 throw new RuntimeException("should not happen");
215 }
216 }
218 static final ContextClassloaderLocal<TransformerFactory> transformerFactory = new ContextClassloaderLocal<TransformerFactory>() {
219 @Override
220 protected TransformerFactory initialValue() throws Exception {
221 return TransformerFactory.newInstance();
222 }
223 };
225 static final ContextClassloaderLocal<SAXParserFactory> saxParserFactory = new ContextClassloaderLocal<SAXParserFactory>() {
226 @Override
227 protected SAXParserFactory initialValue() throws Exception {
228 SAXParserFactory factory = SAXParserFactory.newInstance();
229 factory.setNamespaceAware(true);
230 return factory;
231 }
232 };
234 /**
235 * Creates a new identity transformer.
236 */
237 public static Transformer newTransformer() {
238 try {
239 return transformerFactory.get().newTransformer();
240 } catch (TransformerConfigurationException tex) {
241 throw new IllegalStateException("Unable to create a JAXP transformer");
242 }
243 }
245 /**
246 * Performs identity transformation.
247 */
248 public static <T extends Result>
249 T identityTransform(Source src, T result) throws TransformerException, SAXException, ParserConfigurationException, IOException {
250 if (src instanceof StreamSource) {
251 // work around a bug in JAXP in JDK6u4 and earlier where the namespace processing
252 // is not turned on by default
253 StreamSource ssrc = (StreamSource) src;
254 TransformerHandler th = ((SAXTransformerFactory) transformerFactory.get()).newTransformerHandler();
255 th.setResult(result);
256 XMLReader reader = saxParserFactory.get().newSAXParser().getXMLReader();
257 reader.setContentHandler(th);
258 reader.setProperty(LEXICAL_HANDLER_PROPERTY, th);
259 reader.parse(toInputSource(ssrc));
260 } else {
261 newTransformer().transform(src, result);
262 }
263 return result;
264 }
266 private static InputSource toInputSource(StreamSource src) {
267 InputSource is = new InputSource();
268 is.setByteStream(src.getInputStream());
269 is.setCharacterStream(src.getReader());
270 is.setPublicId(src.getPublicId());
271 is.setSystemId(src.getSystemId());
272 return is;
273 }
275 /*
276 * Gets an EntityResolver using XML catalog
277 */
278 public static EntityResolver createEntityResolver(@Nullable URL catalogUrl) {
279 // set up a manager
280 CatalogManager manager = new CatalogManager();
281 manager.setIgnoreMissingProperties(true);
282 // Using static catalog may result in to sharing of the catalog by multiple apps running in a container
283 manager.setUseStaticCatalog(false);
284 Catalog catalog = manager.getCatalog();
285 try {
286 if (catalogUrl != null) {
287 catalog.parseCatalog(catalogUrl);
288 }
289 } catch (IOException e) {
290 throw new ServerRtException("server.rt.err",e);
291 }
292 return workaroundCatalogResolver(catalog);
293 }
295 /**
296 * Gets a default EntityResolver for catalog at META-INF/jaxws-catalog.xml
297 */
298 public static EntityResolver createDefaultCatalogResolver() {
300 // set up a manager
301 CatalogManager manager = new CatalogManager();
302 manager.setIgnoreMissingProperties(true);
303 // Using static catalog may result in to sharing of the catalog by multiple apps running in a container
304 manager.setUseStaticCatalog(false);
305 // parse the catalog
306 ClassLoader cl = Thread.currentThread().getContextClassLoader();
307 Enumeration<URL> catalogEnum;
308 Catalog catalog = manager.getCatalog();
309 try {
310 if (cl == null) {
311 catalogEnum = ClassLoader.getSystemResources("META-INF/jax-ws-catalog.xml");
312 } else {
313 catalogEnum = cl.getResources("META-INF/jax-ws-catalog.xml");
314 }
316 while(catalogEnum.hasMoreElements()) {
317 URL url = catalogEnum.nextElement();
318 catalog.parseCatalog(url);
319 }
320 } catch (IOException e) {
321 throw new WebServiceException(e);
322 }
324 return workaroundCatalogResolver(catalog);
325 }
327 /**
328 * Default CatalogResolver implementation is broken as it depends on CatalogManager.getCatalog() which will always create a new one when
329 * useStaticCatalog is false.
330 * This returns a CatalogResolver that uses the catalog passed as parameter.
331 * @param catalog
332 * @return CatalogResolver
333 */
334 private static CatalogResolver workaroundCatalogResolver(final Catalog catalog) {
335 // set up a manager
336 CatalogManager manager = new CatalogManager() {
337 @Override
338 public Catalog getCatalog() {
339 return catalog;
340 }
341 };
342 manager.setIgnoreMissingProperties(true);
343 // Using static catalog may result in to sharing of the catalog by multiple apps running in a container
344 manager.setUseStaticCatalog(false);
346 return new CatalogResolver(manager);
347 }
349 /**
350 * {@link ErrorHandler} that always treat the error as fatal.
351 */
352 public static final ErrorHandler DRACONIAN_ERROR_HANDLER = new ErrorHandler() {
353 @Override
354 public void warning(SAXParseException exception) {
355 }
357 @Override
358 public void error(SAXParseException exception) throws SAXException {
359 throw exception;
360 }
362 @Override
363 public void fatalError(SAXParseException exception) throws SAXException {
364 throw exception;
365 }
366 };
368 public static DocumentBuilderFactory newDocumentBuilderFactory() {
369 return newDocumentBuilderFactory(true);
370 }
372 public static DocumentBuilderFactory newDocumentBuilderFactory(boolean secureXmlProcessing) {
373 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
374 try {
375 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, isXMLSecurityDisabled(secureXmlProcessing));
376 } catch (ParserConfigurationException e) {
377 LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support secure xml processing!", new Object[] { factory.getClass().getName() } );
378 }
379 return factory;
380 }
382 public static TransformerFactory newTransformerFactory(boolean secureXmlProcessingEnabled) {
383 TransformerFactory factory = TransformerFactory.newInstance();
384 try {
385 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, isXMLSecurityDisabled(secureXmlProcessingEnabled));
386 } catch (TransformerConfigurationException e) {
387 LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support secure xml processing!", new Object[]{factory.getClass().getName()});
388 }
389 return factory;
390 }
392 public static TransformerFactory newTransformerFactory() {
393 return newTransformerFactory(true);
394 }
396 public static SAXParserFactory newSAXParserFactory(boolean secureXmlProcessingEnabled) {
397 SAXParserFactory factory = SAXParserFactory.newInstance();
398 try {
399 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, isXMLSecurityDisabled(secureXmlProcessingEnabled));
400 } catch (Exception e) {
401 LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support secure xml processing!", new Object[]{factory.getClass().getName()});
402 }
403 return factory;
404 }
406 public static XPathFactory newXPathFactory(boolean secureXmlProcessingEnabled) {
407 XPathFactory factory = XPathFactory.newInstance();
408 try {
409 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, isXMLSecurityDisabled(secureXmlProcessingEnabled));
410 } catch (XPathFactoryConfigurationException e) {
411 LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support secure xml processing!", new Object[] { factory.getClass().getName() } );
412 }
413 return factory;
414 }
416 public static XMLInputFactory newXMLInputFactory(boolean secureXmlProcessingEnabled) {
417 XMLInputFactory factory = XMLInputFactory.newInstance();
418 if (isXMLSecurityDisabled(secureXmlProcessingEnabled)) {
419 // TODO-Miran: are those apppropriate defaults?
420 factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
421 factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
422 }
423 return factory;
424 }
426 private static boolean isXMLSecurityDisabled(boolean runtimeDisabled) {
427 return XML_SECURITY_DISABLED || runtimeDisabled;
428 }
430 public static SchemaFactory allowExternalAccess(SchemaFactory sf, String value, boolean disableSecureProcessing) {
432 // if xml security (feature secure processing) disabled, nothing to do, no restrictions applied
433 if (isXMLSecurityDisabled(disableSecureProcessing)) {
434 if (LOGGER.isLoggable(Level.FINE)) {
435 LOGGER.log(Level.FINE, "Xml Security disabled, no JAXP xsd external access configuration necessary.");
436 }
437 return sf;
438 }
440 if (System.getProperty("javax.xml.accessExternalSchema") != null) {
441 if (LOGGER.isLoggable(Level.FINE)) {
442 LOGGER.log(Level.FINE, "Detected explicitly JAXP configuration, no JAXP xsd external access configuration necessary.");
443 }
444 return sf;
445 }
447 try {
448 sf.setProperty(ACCESS_EXTERNAL_SCHEMA, value);
449 if (LOGGER.isLoggable(Level.FINE)) {
450 LOGGER.log(Level.FINE, "Property \"{0}\" is supported and has been successfully set by used JAXP implementation.", new Object[]{ACCESS_EXTERNAL_SCHEMA});
451 }
452 } catch (SAXException ignored) {
453 // nothing to do; support depends on version JDK or SAX implementation
454 if (LOGGER.isLoggable(Level.CONFIG)) {
455 LOGGER.log(Level.CONFIG, "Property \"{0}\" is not supported by used JAXP implementation.", new Object[]{ACCESS_EXTERNAL_SCHEMA});
456 }
457 }
458 return sf;
459 }
461 }